List of the EDPB Guidelines

May 30th, 2023 | Posted by Claude-Etienne Armingaud in Guidelines | Non classé | Privacy - (0 Comments)

Access the full list of the EDPB and WP29 Guidelines here, including consultation versions, now-current versions and redlines between versions.

Irish Supervisory Authority “Poking” at Meta’s GDPR Practices

May 26th, 2023 | Posted by Claude-Etienne Armingaud in Case Law | Data Transfer | Europe | Privacy - (0 Comments)

Closing in on the fifth anniversary of the entry into force of the EU General Data Protection Regulation (GDPR), the Irish Data Protection Commission (DPC) announced on 22 May 2023 that it had fined Meta for EUR 1,2b (USD 1.3b), the highest GDPR fine levied since 2018.

Further to the DPC decision (Decision), and in addition to the record fine, Meta will need to:

  • suspend any future transfers of personal data to the United States within five months from the date of notification of the decision to Meta Ireland;
  • ensure the compliance of its data processing operations by ceasing the unlawful processing, including storage, in the United States of personal data of its users in the European Economic Area, transferred without sufficient safeguards, within six months from the date of notification of the DPC’s decision to Meta Ireland.

The core of the grievances relates to a decade-long (and going) crusade initiated by datactivist Maximilien Schrems and its data protection association, None of Your Business (noyb). The crusade started in 2013, with a first step resulting in a resounding cancelation of the Safe Harbor framework, which allowed personal data to be freely transferred from the European Union to the United States, in the 2015 Schrems I case (see our Alert). It was subsequently followed by a same action against Safe Habor’s successor, the Privacy Shield Framework, leading to the same result in the Schrems II case (see our Alerts here, here and here).

(more…)

, , , ,

🇺🇸 Gateway to Privacy: May the Enforcement Be With You – Reflections on Five Years of GDPR

May 4th, 2023 | Posted by Claude-Etienne Armingaud in Conference | Europe | Podcast | Privacy - (0 Comments)

In this episode, Claude-Etienne Armingaud, Eleonora Curreri, and Camille Scarparo celebrate the fifth anniversary of GDPR accompanied with lawyers from our European offices; Thomas Nietsch and Andreas Müller (Berlin), Nóirín McFadden (London), and Gianmarco Marani (Milan). They reflect on how embedded GDPR has become in the cultural scene and with private enforcement. They also touch on the future for UK GDPR and the Data Protection and Digital Information (No.2) Bill.

May the enforcement be with you!

First publication: K&L Gates Hub with Eleonora Curreri, Gianmarco Marani, Andreas Müller, Noirin M. McFadden, Dr. Thomas Nietsch, Camille Scarparo

, ,

Legal 500 Rankings 2023 – Industry Focus: Healthcare And Life Sciences – Firm to Watch – France NEW ENTRY

April 12th, 2023 | Posted by Claude-Etienne Armingaud in eHealth | France | IT | Privacy | Rankings - (0 Comments)

K&L Gates LLP has carved out a niche for work involving medical technology and IT in the healthcare sector. The firm assists with joint ventures and acquisitions in this space, as well as providing advice on GDPR and further data compliance matters.

Source: Legal 500

, ,

Legal 500 Rankings 2023 – Intellectual Property: Trade Marks And Designs – Tier 4 – France NEW ENTRY

April 12th, 2023 | Posted by Claude-Etienne Armingaud in France | Intellectual Property | Rankings | Trademarks - (0 Comments)

Practice head(s): Claude-Etienne Armingaud

Source: Legal 500

, , ,

Legal 500 Rankings 2023 – Industry Focus: IT & the Internet – Tier 2 – France

April 12th, 2023 | Posted by Claude-Etienne Armingaud in France | IT | Privacy | Rankings - (0 Comments)

The team at K&L Gates LLP has strong capabilities advising clients active in the areas of luxury goods, the metaverse and energy, on innovative technologies such as VR and augmented reality, in matters which are often cross-border in nature. It is also well-equipped to advise on e-commerce launches, GDPR due diligence reviews, and acquisition matters. The team, led by Claude-Etienne Armingaud, often works in collaboration with other global offices.

Practice head(s): Claude-Etienne Armingaud

(more…)

, ,

Legal 500 Rankings 2023 – Data Privacy and Data Protection – Tier 2 & Leading Individual – France

April 12th, 2023 | Posted by Claude-Etienne Armingaud in France | Privacy | Rankings - (0 Comments)

Backed by a global network spanning five continents, the data protection, privacy and security group at K&L Gates LLP assists financial institutions and multinationals in mining, biotech (Anika Therapeutics), energy (Envision), home appliances (SharkNinja), pharmaceuticals (Ipsen), manufacturing (K&N Engineering), luxury goods and tech, on wide array of matters across the practice area. Headed by Claude-Etienne Armingaud, an expert in multi-jurisdictional transactional matters, dealing with IT outsourcing and data protection, the group also assists clients with GDPR compliance, data sharing agreements and data protection elements of M&A transactions.

Leading individuals: Claude-Etienne Armingaud – K&L Gates LLP

Practice head(s): Claude-Etienne Armingaud

(more…)

, ,

Gateway to Privacy: Let Go of Everything You Fear to Lose – Training as the First Step to GDPR Compliance

April 11th, 2023 | Posted by Claude-Etienne Armingaud in Data Breach | Europe | Non classé | Podcast | Privacy - (0 Comments)

In this episode, Claude Etienne Armingaud, Eleonora Curreri, and Camille Scarparo introduce a case regarding a U.S. company’s data privacy breach, the consequences a company may face for being non-compliant with GDPR for companies established outside of the EU, and which steps companies can take to prevent these situations.

First publication: K&L Gates Hub with Eleonora Curreri & Camille Scarparo

IAPP DPI: France 2023

March 16th, 2023 | Posted by Claude-Etienne Armingaud in Conference | France | Privacy - (0 Comments)

Well, that’s a wrap on #DPI23 France!

🇺🇸 IAPP DPI France – Codes of Conduct — GDPR’s Prodigal Son Finally Arriving?

March 14th, 2023 | Posted by Claude-Etienne Armingaud in Conference | Data Transfer | Europe | France | Privacy | World - (0 Comments)

Claude-Étienne Armingaud, CIPP/E, Partner, Data Protection Privacy and Security Practice Group Coordinator, K&L Gates

Gabriela MercuriManaging Director, SCOPE Europe

Jörn WittmannDirector Privacy Legislative Strategy and Public Policy, Volkswagen AG

Codes of conduct overseen by accredited monitoring bodies are one of the breakthrough innovations introduced by EU General Data Protection Regulation. As part of its accountability framework, GDPR not only shifted the onus of demonstrative compliance, but also created the possibility for stakeholders to engage in co-regulatory practices. The goal was to allow the industry to support regulatory implementation by developing workable guidance to concretize the GDPR’s provisions. More flexible than other previously adopted compliance tools, CoCs generated high expectations, particularly in the wake of Schrems II, as a possible solution to address international data transfers and enable legal foreseeability. CoCs have not yet reached their full potential, with only a handful of national CoCs deployed and even less at the pan-European level. However, as the cloud ecosystem leads the way, this panel will explore the background of this sectoral success while highlighting CoC’s benefits, as well as their limitations.

What you will learn:

• How to understand the relevancy of CoCs in a post-GDPR, post-Schrems II era.

• What CoCs can bring to an ecosystem, as well as what they should not be pursued for.

• The future of international data transfers amid emerging data protection systems at global levels.

More information.